
Network Protocols: Routing. TDC375 Spring 2009/10, John Kristoff - DePaul University

Transcript
Slide 1: Network Protocols - Routing
TDC375 Spring 2009/10, John Kristoff - DePaul University

Slide 2: One of two critical systems
- BGP and DNS are, by far, the two most fundamentally critical components of the Internet infrastructure.

Slide 3: Do all IP hosts route?
- Yes. Most hosts make one of three routing decisions:
  1) Send packet to another via a relay
  2) Send packet to itself
  3) Send packet to a directly attached neighbor

Slide 4: Simplified routing decision tree

Slide 5: Your end host != router
- Need to know your address, network and gateway
  - Not so much a routing system process
  - This is your host's bootstrap challenge
- We don't tend to think of end hosts as routers
- How do they differ then?
  - network / interface attachments
  - distributed routing algorithms
  - forwarding packets on another's behalf

Slide 6: Real routers work more like this

Slide 7: Best match forwarding
- So the routing decision goes kind of like this:
  - Is this packet for me?
  - Is this packet for an attached interface?
  - What is the most specific network route I have?
    - Host (/32) route, /31, /30, /29,... default (/0)?
  - Send to the best one
  - If no route, drop and return ICMP error to source

Slide 8: Routers as signposts

Slide 9: How do routers build a signpost?
- Maybe manually configured, but that doesn't scale
- Routers gossip amongst themselves
- Well defined gossip protocols are used
  - e.g. RIP, EIGRP, OSPF, IS-IS, BGP
  - a bootstrap configuration is generally required
- Reachability information associated with all routes
  - e.g. distance, cost, preference, policy

Slide 10: Key IP field for routing: TTL
- More apt name today would be hop count
  - In fact, that is just what it is called in IPv6 now
- This field prevents packets looping forever
- Other uses are secondary to this
  - traceroute
  - Source OS fingerprint and distance detection
  - BGP peering hack (aka GTSM, RFC 3682)

Slide 11: Key IP field for routing: Destination Address
- Consists of both a...
  - host/interface identifier (usually unique)
  - and a network identifier (also usually unique)
- Combined, the daddr helps hosts and routers get the packet to the correct network and to the specific host on the correct network

Slide 12: BGP Overview
- The routing protocol for connecting domains
- Besides the network prefix, the path is the key component of a BGP route
- Autonomous system numbers (ASNs) define the path
  - generally an ASN == domain
  - NOTE: this is not a reference to DNS!
- Even if you don't use it for actual Internet routing, it might be handy for other things (e.g. Team Cymru bogon route server, IP addr to ASN mapping)

Slide 13: IS-IS/OSPF Overview
- Widely used intradomain routing protocols
- Link state database of the entire routed network built by all routers
- Each router can make an optimal forwarding decision, because it has a complete view of all the routers and their attached networks
- Relatively simple idea, but a bit more complex to implement
  - e.g. database synchronization issues

Slide 14: A real Internet BGP route entry
    route-views.oregon-ix.net sh ip bgp /24
    BGP routing table entry for /24, version
    Paths: (34 available, best #7, table Default-IP-Routing-Table)
      Not advertised to any peer
        from ( )
          Origin IGP, localpref 100, valid, external
        from ( )
          Origin IGP, localpref 100, valid, external
        from ( )
          Origin IGP, metric 4103, localpref 100, valid, external

Slide 15: An example routing table
    route-views.oregon-ix.net show ip route
    Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
           D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
           N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
           E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
           i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
           ia - IS-IS inter area, * - candidate default, U - per-user static route
           o - ODR, P - periodic downloaded static route
    Gateway of last resort is to network
    B /24 [20/489] via , 18:06:49 B B /24 [20/0] via , 18:07: /24 [20/0] via , 18:08:11 B /24 [20/0] via , 18:08:21 B B /24 [20/0] via , 17:59: /24 [20/0] via , 18:00:57 B B /24 [20/0] via , 17:59: /24 [20/0] via , 18:00:28

Slide 16: Want router access?
- Telnet to route-views.routeviews.org
- Browse to
- Go easy, don't ruin it for the rest of us please
- Notwithstanding potential bugs or attacks, by default access is intended to be limited (sorry, no enable), but they can still be very helpful for remote analysis and troubleshooting

Slide 17: You do have enable, kind of
- On Unix, Linux, Mac OS X
    netstat -arn
- On Microsoft Windows
    route print

Slide 18: There is router security and there is route security
- Few serious network engineers use HTTP
  - "That's probably a good thing!" you say
- Many Cisco networks still use Telnet
  - This is where you security people go WTF!?!?
- Many networks have SNMPv1 write enabled
  - Then you go OMFG!?!
- Almost nobody watches out for more specifics
  - Specifics smurifics, whoop-dee

Slide 19: Au contraire
- Router security
  - Authentication, filtering, crypto... DONE! Eh, no.
- Route security
  - This is the old "my security depends on your ability to do security" problem
  - Say you have and announce a /16
  - Someone announces /24's in that /16. Uh-oh.

Slide 20: FYI...
- Stay tuned for...
  - BGP
  - OSPF
  - Blackholes, data and routing plane security
  - The routing process
  - Peering
  - And much, much more
- After the mid-term exam... phew!
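
The "best match forwarding" rule and the /16 versus /24 case above can be seen together in a few lines. The following is an added example, not part of the original slides: it implements most-specific-route selection and a simple check that flags more specifics of your own prefix. All prefixes, ASNs and next-hop names are constructed sample values (198.18.0.0/15 is the benchmarking range, 64496-64511 are documentation ASNs).

```python
import ipaddress

# Constructed sample data, not taken from the slides.
MY_PREFIX = ipaddress.ip_network("198.18.0.0/16")
MY_ASN = 64496

ROUTES = [  # (prefix, origin ASN, next hop label)
    ("0.0.0.0/0", 64500, "upstream-default"),
    ("198.18.0.0/16", 64496, "legit-origin"),
    ("198.18.5.0/24", 64511, "unexpected-origin"),
]


def best_match(dest, routes):
    """Return the most specific route covering dest, or None (drop, ICMP error)."""
    addr = ipaddress.ip_address(dest)
    candidates = [r for r in routes if addr in ipaddress.ip_network(r[0])]
    if not candidates:
        return None
    # Longest prefix length wins: /32 beats /24 beats /16 beats /0.
    return max(candidates, key=lambda r: ipaddress.ip_network(r[0]).prefixlen)


def unexpected_more_specifics(my_prefix, my_asn, routes):
    """Flag routes strictly inside my_prefix that are not originated by my_asn."""
    flagged = []
    for prefix, origin, _ in routes:
        net = ipaddress.ip_network(prefix)
        if (net.version == my_prefix.version and net != my_prefix
                and net.subnet_of(my_prefix) and origin != my_asn):
            flagged.append((prefix, origin))
    return flagged


if __name__ == "__main__":
    # The /24 attracts traffic for its 256 addresses even though the /16 is
    # still announced and valid; the rest of the /16 is unaffected.
    for dest in ("198.18.5.20", "198.18.9.20", "203.0.113.7"):
        print(dest, "->", best_match(dest, ROUTES))
    print("watch list:", unexpected_more_specifics(MY_PREFIX, MY_ASN, ROUTES))
```

Every router that accepts the /24 makes this choice on its own, which is why watching for more specifics of your own address space matters even when your own routers are locked down.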